App.No.: 09/898,286 
Reply to Office Action of December 9, 2004 

Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1 . (Currently amended) Apparatus providing one or more computer services for a plurality of 
customers, the apparatus comprising a real computer on which is set up at the request of each of 
said customers at least one virtual machine for each of said customers, said at least one virtual 
machine for each of said customers having a specification specified by and configurable by the 
respective custome r and having an operating system running thereon . 

2. (Original) Apparatus according to claim 1, wherein plural virtual machines are set up 
within the real computer for at least one of said customers. 

3. (Original) Apparatus according to claim 1, wherein the or each virtual machine for at least 
one of said customers is connected to a virtual network set up for said at least one customer within 
the real computer. 

4. (Original) Apparatus according to claim 3, comprising a virtual intrusion detection device 
for detecting an attack on the virtual network. 

5. (Original) Apparatus according to claim 1, wherein at least one virtual machine is 
connected to a virtual firewall that is connectable to an external network to which customers and/or 
other users can connect such that access to said at least one virtual machine by a customer or other 
user via a said external network can only take place through a virtual firewall. 

6. (Original) Apparatus according to claim 1, wherein the or each virtual machine for a 
particular customer is connected to a virtual firewall that is dedicated to that customer's virtual 
machine or machines, each virtual firewall being connectable to an external network to which each 
of said customers and/or other users can connect such that access to a virtual machine by a 
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customer or other user via a said external network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

7. (Original) Apparatus according to claim 6, wherein each virtual firewall is set up Mdthin 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connectable to an external network. 

8. (Original) Apparatus according to claim 7, wherein the second port of each virtual firewall 
is connected to the same virtual network that is set up within the real computer and that is 
connectable to an extemal network. 

9. (Original) Apparatus according to claim 5, wherein the or at least one of the virtual 
firewalls is implemented by a virtual machine on the real computer, said virtual firewall virtual 
machine running firewall software. 

10. (Original) Apparatus according to claim 1, comprising a plurality of real data storage 
devices and at least one virtual storage subsystem that is configured to allow said real data storage 
devices to emulate one or more virtual storage devices. 

11. (Original) Apparatus according to claim 10, wherein the at least one virtual storage 
subsystem is configured to emulate at least one respective virtual storage device for each customer. 

12. (Original) Apparatus according to claim 10, comprising a detection device for detecting 
evidence of malicious software or hostile attack signatures on the at least one virtual storage 
subsystem. 

13. (Original) Apparatus according to claim 1, wherein the apparatus is configurable to 
provide at least one of the services selected fi-om: file, data and archiving services; applications 
hosting services; database hosting services; data warehouse services; knowledge management 
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hosting services; digital media production services; "intellectual property" and streaming media 
services; simple web hosting services; complex e-Commerce web hosting services; high 
performance computation services; electronic messaging and conferencing services; and, learning 
neuro-computer services. 

14. (Original) Apparatus according to claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between at least some of said 
virtual machines. 

15. (Original) Apparatus according claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between at least one virtual 
machine and an external computer. 

16. (Original) Apparatus according claim 1, comprising virtual private network software to 
provide an encrypted communication channel for conamunication between a first virtual network 
and a second virtual network. 

17. (Original) Apparatus according to claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between a virtual network and an 
external computer. 

18. (Original) Apparatus according claim 1, wherein the real computer comprises plural 
physical computers. 

19. (Original) In combination, a first apparatus according to claim 1 and a second apparatus 
that is substantially identical to said first apparatus, the first and second apparatus being connected 
by a communications channel so that the second apparatus can provide for redundancy of the first 
apparatus thereby to provide for disaster recovery if the first apparatus fails. 

20. (Currently amended) A method of providing one or more computer services for a plurality 
of customers, the method comprising the steps of: 
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a service provider setting up on a real computer at the request of each of said customers at 
least one virtual machine for each of said customers, said at least one virtual machine for each of 
said customers having a specification specified by and configurable by the respective customer and 
having an operating system running thereon . 

21. (Original) A method according to claim 20, comprising the step of setting up plural virtual 
machines v^thin the real computer for at least one of said customers. 

22. (Original) A method according to claim 20, comprising the steps of setting up a virtual 
network for at least one of said customers v^ithin the real computer, and connecting the or each 
virtual machine for said at least one customer to said virtual network. 

23. (Original) A method according to claim 22, comprising the step of using a virtual intrusion 
detection device for detecting an attack on the virtual network. 

24. (Original) A method according to claim 20, comprising the steps of connecting at least one 
virtual machine to a virtual firewall, and connecting the or each virtual firewall to an external 
network to which customers and/or other users can connect such that access to a virtual machine 
by a customer or other user via a said external network can only take place through a virtual 
firewall. 

25. (Original) A method according to claim 20, comprising the step of connecting the or each 
virtual machine for a particular customer to a virtual firewall that is dedicated to that customer's 
virtual machine or machines, and connecting each virtual firewall to an extemal network to which 
each of said customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said extemal network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

26. (Original) A method according to claim 25, wherein each virtual firewall is set up within 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
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firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connected to an extemal network. 

27. (Original) A method according to claim 26, wherein the second port of each virtual 
firewall is connected to the same virtual network that is set up within the real computer and that is 
connectable to an extemal network. 

28. (Original) A method according to claim 20, comprising the step of configuring at least one 
virtual storage subsystem to allow multiple real data storage devices to emulate one or more virtual 
storage devices. 

29. (Original) A method according to claim 28, comprising the step of configuring the at least 
one virtual storage subsystem to emulate at least one respective virtual storage device for each 
customer. 

30. (Original) A method according to claim 28, comprising the step of using a detection device 
for detecting evidence of malicious software or hostile attack signatures on the at least one virtual 
storage subsystem. 

3 1 . (Original) A method according to claim 20, wherein the services provided include at least 
one of the services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, leaming neuro-computer services. 

32. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least some of said virtual machines. 
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33. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least one virtual machine and an external computer. 

34. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
first virtual network and a second virtual network. 

35. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
virtual network and an external computer. 

36. (Original) A method according to claim 20, comprising the step of moving said at least one 
virtual machine from a first real computer to a second real computer. 

37. (Currently amended) A method of operating a real computer on behalf of plural customers, 
the method comprising the step of: 

operating plural virtual machines on the real computer, each of said plural virtual machines 
having a specification specified by and configurable by a respective one of the customers in 
accordance with a computer service to be provided by the virtual machine on behalf of that 
custome r, each of said virtual machines having an operating system running thereon . 

38. (Original) A method according to claim 37, comprising the step of operating plural virtual 
machines within the real computer for at least one of said customers. 

39. (Original) A method according to claim 37, comprising the step of operating a virtual 
network for at least one of said customers within the real computer, the or each virtual machine for 
said at least one customer being connected to said virtual network. 

40. (Original) A method according to claim 39, comprising the step of using a virtual intrusion 
detection device for detecting an attack on the virtual network. 
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41. (Original) A method according to claim 37, wherein at least one virtual machine is 
connected to a virtual firewall, the or each virtual firewall being connected to an external network 
to which customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said extemal network can only take place through a virtual firewall. 

42. (Original) A method according to claim 37, wherein the or each virtual machine for a 
particular customer is connected to a virtual firewall that is dedicated to that customer's virtual 
machine or machines, each virtual firewall being connected to an extemal network to which each 
of said customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said extemal network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

43. (Original) A method according to claim 42, wherein each virtual firewall is set up within 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connected to an extemal network. 

44. (Original) A method according to claim 43, wherein the second port of each virtual 
firewall is connected to the same virtual network that is set up within the real computer and that is 
connectable to an extemal network. 

45. (Original) A method according to claim 37, wherein at least one virtual storage subsystem 
is provided and configured to allow multiple real data storage devices to emulate one or more 
virtual storage devices. 

46. (Original) A method according to claim 45, wherein the at least one virtual storage 
subsystem is configured to emulate at least one respective virtual storage device for each customer. 
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47. (Original) A method according to claim 45, wherein a detection device is used for 
detecting evidence of malicious software or hostile attack signatures on the at least one virtual 
storage subsystem. 

48. (Original) A method according to claim 37, wherein the services provided include at least 
one of the services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, learning neuro-computer services. 

49. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication charmel for communication between at 
least some of said virtual machines. 

50. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for commimication between at 
least one virtual machine and an external computer. 

51. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
first virtual network and a second virtual network. 

52. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
virtual network and an external computer. 

53. (Currently amended) A method according to claim 37_§^, comprising the step of moving 
said at least one virtual machine from a first real computer to a second real computer. 
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54. (Currently amended) A method of providing for a plurality of customers one or more 
computer services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, learning neuro-computer services; 
the method comprising the steps of: 

setting up on a real computer at the request of each of said customers at least one virtual 
machine for each of said customers, said at least one virtual machine for each of said customers 
having a specification determined in accordance with the computer service or services requested by 
said customer and being configurable by said customer, said at least one virtual machine having an 
operating system running thereon . 

55. (Original) A method according to claim 54, comprising the step of moving said at least one 
virtual machine from a first real computer to a second real computer. 

56. (New) Apparatus according to claim 1, wherein at least one of said virtual machines 
provides at least a virtual central processor unit. 

57. (New) Apparatus according to claim 1, wherein at least one of said virtual machines is 
created using a virtual machine abstraction program. 

58. (New) Apparatus according to claim 1, wherein at least one of said virtual machines is 
created using machine simulation/emulation software. 

59. (New) A method according to claim 20, wherein at least one of said virtual machines 
provides at least a virtual central processor unit. 

60. (New) A method according to claim 20, wherein at least one of said virtual machines is 
created using a virtual machine abstraction program. 
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61. (New) A method according to claim 20, wherein at least one of said virtual machines is 
created using machine simulation/emulation software. 

62. (New) A method according to claim 37, wherein at least one of said virtual machines 
provides at least a virtual central processor unit. 

63. (New) A method according to claim 37, wherein at least one of said virtual machines is 
created using a virtual machine abstraction program. 

64. (New) A method according to claim 37, wherein at least one of said virtual machines is 
created using machine simulation/emulation software. 
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